authorjessib <jessib@riseup.net>2013-12-31 12:16:43 -0800
committerjessib <jessib@riseup.net>2013-12-31 12:16:43 -0800
commit47d9b62913789358aefe769de6b7e33da8547891 (patch)
tree20f9bf0f60b3a45209b94850c62245646d11c79c
parentfe3e374daa274a38723da52d929805b80f7ef383 (diff)
Add authentication to API, but not sure it is best way.
-rw-r--r--users/app/controllers/v1/messages_controller.rb2
-rw-r--r--users/test/functional/v1/messages_controller_test.rb9
2 files changed, 8 insertions, 3 deletions
diff --git a/users/app/controllers/v1/messages_controller.rb b/users/app/controllers/v1/messages_controller.rb
index 42a88f7..b58dfe9 100644
--- a/users/app/controllers/v1/messages_controller.rb
+++ b/users/app/controllers/v1/messages_controller.rb
@@ -1,7 +1,7 @@
module V1
class MessagesController < ApplicationController
- # TODO need to add authentication
+ before_filter :authorize_admin # not sure this is best way
respond_to :json
# for now, will not pass unseen, so unseen will always be true
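Review bot: The trailing comment on the added `before_filter :authorize_admin` line records the author's doubt rather than the access policy, so a later reader cannot tell whether admin-only access to this API is deliberate. I would replace it with a statement of intent, for example `before_filter :authorize_admin # API is admin-only; applies to every action in this controller`. Declaring the filter without `:only`/`:except` is the safer default because newly added actions are covered automatically, and that is worth stating. `authorize_admin` is defined outside this hunk, so it is not visible how it answers a JSON client; since the controller declares `respond_to :json`, confirm it returns an error status and JSON body rather than an HTML redirect. The class body continues past the end of the hunk.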
diff --git a/users/test/functional/v1/messages_controller_test.rb b/users/test/functional/v1/messages_controller_test.rb
index 7666ba3..0bc09be 100644
--- a/users/test/functional/v1/messages_controller_test.rb
+++ b/users/test/functional/v1/messages_controller_test.rb
@@ -2,14 +2,13 @@ require 'test_helper'
class V1::MessagesControllerTest < ActionController::TestCase
- #TODO ensure authentication for all tests here
-
setup do
@message = Message.new(:text => 'a test message')
@message.save
@user = FactoryGirl.build(:user)
@user.message_ids_to_see << @message.id
@user.save
+ login :is_admin? => true
end
teardown do
@@ -52,4 +51,10 @@ class V1::MessagesControllerTest < ActionController::TestCase
assert_json_response false
end
+ test "fails if not admin" do
+ login :is_admin? => false
+ get :user_messages, :user_id => @user.id
+ assert_access_denied
+ end
+
end
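Review bot: The new `"fails if not admin"` test covers only a logged-in non-admin calling `user_messages`, which leaves the other denial paths of the new filter untested. Because `setup` now calls `login :is_admin? => true` before every test, no test sends a request with no login at all, and no other action of the controller is checked for the non-admin case. I would add a sibling test that issues the same `get :user_messages, :user_id => @user.id` without any login and asserts denial, and repeat the non-admin check for each remaining action. How to clear the login made in `setup` depends on the `login` test helper, which is not shown here. The test class starts outside this hunk.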